
Interop: How to Stop Ransomware With Network Visibility

VIDEO: Raja Mukerji, co-founder and president of ExtraHop Networks, discusses how network visibility can help stop the scourge of ransomware.

LAS VEGAS—Among the most pernicious forms of malware today is ransomware, which encrypts user devices until a fee is paid to the attacker. There are a number of different ways to find and defend against ransomware, including detecting attacks through network visibility, which is where ExtraHop Networks enters the picture.

In a video interview at the Interop conference here, Raja Mukerji, co-founder and president of ExtraHop Networks, detailed how his firm's network visibility platform can help detect and remediate ransomware.

Mukerji noted that a challenge with some types of ransomware detection technologies is that they look north-south, that is, at traffic moving in and out of an enterprise to some form of hacker command-and-control node. The problem is that many types of ransomware today spread east-west inside an enterprise or data center. He explained that with ransomware, before a command-and-control channel is even set up to transfer data outside the enterprise, an attacker will encrypt files and do bad things on the east-west corridor inside the enterprise.

"Because ExtraHop provides scalable visibility into East-West traffic, whether it's LDAP, DNS or storage, we can show the establishment of a ransomware bastion within the enterprise before it reports back," Mukerji said.


For example, based on the network and user visibility provided by ExtraHop, it's possible to identify whether there has been some form of unusual file access. If a user is found to be renaming and encrypting files, that is unusual access and could be an indication of a ransomware attack.

"Based on the fact that you can take a look and understand access patterns, identify anomalies and identify that bad things are happening in opaque areas that weren't really understood before, we can really shine a light and show what's happening with ransomware," Mukerji said.
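As an added illustration of the unusual-file-access idea described above (this is not ExtraHop's code or detection logic, and it does not come from the interview), the following Python example flags a user who renames many files to a single new extension within a short window. The event tuples, user names, paths, the `.locked` extension and the thresholds are all constructed assumptions.

```python
import os
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed file-share events: (time, user, op, old_path, new_path)."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)  # constructed timestamp
    events = [
        # alice: ordinary renames that keep the file extension
        (t0, "alice", "rename", "/share/q1.doc", "/share/q1-final.doc"),
        (t0 + timedelta(minutes=10), "alice", "rename", "/share/a.xls", "/share/b.xls"),
    ]
    # bob: 40 renames in 40 seconds, every file gaining the same new extension
    for i in range(40):
        events.append((t0 + timedelta(seconds=i), "bob", "rename",
                       f"/share/doc{i}.doc", f"/share/doc{i}.doc.locked"))
    return sorted(events)

def detect_rename_bursts(events, window=timedelta(seconds=60),
                         threshold=20, same_ext_ratio=0.8):
    """Return {user: (renames_in_window, dominant_new_extension)} for users who
    change file extensions at a high rate and converge on a single extension."""
    recent = defaultdict(deque)   # user -> (time, new_ext) inside the window
    alerts = {}
    for ts, user, op, old, new in events:
        if op != "rename":
            continue
        new_ext = os.path.splitext(new)[1]
        if new_ext == os.path.splitext(old)[1]:
            continue              # extension unchanged: ordinary rename
        q = recent[user]
        q.append((ts, new_ext))
        while ts - q[0][0] > window:
            q.popleft()           # drop renames older than the window
        if len(q) >= threshold and user not in alerts:
            ext, n = Counter(e for _, e in q).most_common(1)[0]
            if n / len(q) >= same_ext_ratio:
                alerts[user] = (len(q), ext)
    return alerts

if __name__ == "__main__":
    for user, (count, ext) in detect_rename_bursts(build_sample()).items():
        print(f"ALERT {user}: {count} renames to '{ext}' within 60s")
```

The same renames spread over hours, or a burst of renames to many unrelated extensions, stay below the alert condition, which keeps bulk but legitimate file operations from triggering it.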


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.